[PATCH] bfd: alpha: Fix crash caused by double free

James Clarke jrtc27@jrtc27.com
Sat Dec 31 12:33:00 GMT 2016


Without this, ld has been seen to crash in libc when freeing tsec_free:

*** Error in `/usr/bin/ld': double free or corruption (!prev): 0x0000000120ceb6a0 ***

Since _bfd_elf_link_read_relocs caches the return value when keep_memory
is set, tsec_free cannot always be freed; the cached value ends up being
returned on another invocation and subsequently freed again.

bfd/
	* elf64-alpha.c (elf64_alpha_relax_opt_call): Don't free
	tsec_free if it has been cached inside tsec's section data.
---
 bfd/elf64-alpha.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/bfd/elf64-alpha.c b/bfd/elf64-alpha.c
index 44f2cfe004..dfbc73a833 100644
--- a/bfd/elf64-alpha.c
+++ b/bfd/elf64-alpha.c
@@ -3228,11 +3228,13 @@ elf64_alpha_relax_opt_call (struct alpha_relax_info *info, bfd_vma symval)
 
       if (!gpdisp || gpdisp->r_addend != 4)
 	{
-	  if (tsec_free)
+	  if (tsec_free != NULL
+	      && elf_section_data (info->tsec)->relocs != tsec_free)
 	    free (tsec_free);
 	  return 0;
 	}
-      if (tsec_free)
+      if (tsec_free != NULL
+          && elf_section_data (info->tsec)->relocs != tsec_free)
         free (tsec_free);
     }
 
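Review bot: the new ownership check is duplicated verbatim in the early-return path and the fall-through path of this hunk, and the two copies are indented inconsistently (a tab before `&& elf_section_data (info->tsec)->relocs != tsec_free` in the first, spaces in the second). Consider hoisting the condition into one place, or at least aligning the indentation with the surrounding tab-indented code, and adding a one-line comment next to the comparison saying that `_bfd_elf_link_read_relocs` may have cached this buffer in the section data when `keep_memory` is set, since that rationale currently lives only in the commit message and a future reader will otherwise not see why a pointer comparison guards the `free`.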
-- 
2.11.0
